POPIA Compliance

Last updated: May 2026

Our Commitment to POPIA

BookAFix is committed to complying with the Protection of Personal Information Act (POPIA), Act 4 of 2013. We process personal information lawfully, in a reasonable manner, and in accordance with the conditions for lawful processing.

Information Officer

Conditions for Lawful Processing

We adhere to the following POPIA conditions:

1. Accountability

We take responsibility for complying with POPIA and have appointed an Information Officer to oversee compliance.

2. Processing Limitation

We only collect personal information that is necessary for our legitimate business purposes — facilitating home service bookings between clients and providers.

3. Purpose Specification

Personal information is collected for the following specific purposes:

• Account creation and management
• Facilitating service bookings
• Processing payments
• Provider identity verification
• Communication between parties
• Platform improvement and analytics

4. Further Processing Limitation

We do not process personal information for purposes incompatible with the original purpose of collection without your consent.

5. Information Quality

We take reasonable steps to ensure personal information is complete, accurate, and up to date. Users can update their information at any time through their profile.

6. Openness

This notice and our Privacy Policy inform you about how we process your personal information. We are transparent about our data practices.

7. Security Safeguards

We implement appropriate technical and organisational measures to protect personal information:

• Encrypted data transmission (HTTPS/TLS)
• Secure payment processing via Paystack (PCI-DSS compliant)
• Access controls and authentication
• Regular security assessments
• Secure data storage with backups

8. Data Subject Participation

You have the right to:

• Request confirmation of whether we hold your personal information
• Request access to your personal information
• Request correction of inaccurate information
• Request deletion of your personal information
• Object to the processing of your personal information

Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify you and the Information Regulator as required by POPIA.

Cross-Border Transfers

Your data is primarily stored and processed in South Africa. If any data is transferred internationally (e.g., for cloud hosting), we ensure adequate protection is in place.

Retention Periods

• Active accounts: Data retained while account is active
• Closed accounts: Data deleted within 90 days, except where legally required
• Financial records: Retained for 5 years as required by tax law
• KYC documents: Retained for the duration of the provider relationship

Exercising Your Rights

To exercise any of your rights under POPIA, please contact our Information Officer at informationofficer@bookafix.co.za. We will respond within 30 days.

Complaints

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator: